"Facebook collects data on ideology, sex, religious beliefs, personal tastes or navigation without clearly informing about the use and objective that it will give them", the watchdog's statement said.
A second issue was that Facebook wasn't obtaining specific and informed consent from the users because the data it was offering them about the collection was not sufficiently clear. Considering the data that has remained behind is no longer useful for the goal for which it was collected, the agency considered this another serious infringement of European Union privacy laws.
The Spanish watchdog's €1.2 million fine comes as data watchdogs across Europe are investigating Facebook. The social network was accused of failing to tell its millions of Spanish users what it planned to do with information on their ideology, sex, religious beliefs, personal interests and browsing habits.
The authority fined the corporation €600,000 for a single "very serious violation" of the country's data protection rules and €300,000 each for other two serious violations. The AEPD said users are not made aware of when their personal data is being processed through cookies when browsing non-Facebook pages that contain one of Facebook's social "Like" buttons.
Facebook users' activity can also be tracked on third-party sites, and the information collected added to what is already associated with a Facebook account, AEPD said. Whilst we value the opportunities we've had to engage with the DPA to reinforce how seriously we take the privacy of people who use Facebook, we intend to appeal this decision. The AEPD said this sort of collection doesn't comply with the EU's data protection regulations.